If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Attempted hack through Wireless?

Hello,

I was wondering if somebody on this forum could advise me here? I live in an apartment building with about 10 - 20 other wireless networks in addition to my own visible to my computer's wireless card at any time. I have my own router WEP encrypted and the admin for the wireless is also set up with a password so only I can access it.

My question is: I have noticed at times strange login ID's saved in the login boxes for various web sites I need to login at: email accounts, ebay account, paypal, etc. They all look the same. Here's exactly what will happen:

I will log in at Gmail with my login name, "otisisbald"

a few days later, when logging in again, I notice as I type in "otisisbald" and that term autofills in the login box, I see another term also prefilling which will look like this: "otisbotisbotisbotisb...." It appears as if somehow the first portion of my login ID was typed into the login box repeatedly. If i select that, the password box will then have what appears to be a limitless amount of characters.

I have a similar situation occur with logging into ebay on another of the ID's I use there.

It occured to me that somehow there could be a remote attempt to log in to those accounts through my computer, although as I mentioned my wireless is secure, and I don't have a wireless keyboard so I'm not sure how my computer could have been accessed remotely. I am using an updated version of McAfee antivirus and regularly check for spyware on my computer.

So just to confirm, are you saying that the autofill terms in no way could be in there due to some bot on my computer or other remote attempt, through my computer, to log into those various accounts? I am fully sure that i did not type the terms, and this has happened to me on two different laptops I have owned while using this wireless router. Do you think this could be some browser issue where it somehow remembers a series of characters from the log in term?

Enable auditing on your workstations and keep an eye out for unauthorized login attempts. Be sure to password protect your user accounts. I also recommend that you change your passwords to passphrases. Use different passphrases for your computer login than your online accounts. Its also wise to use different passphrases for each online account. I know this can be a bit of a pain to remember all those passphrases, but I've managed to come up with a scheme that relates to the specific service or site.

Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

hknetmaster, do you know how I could try to detect the bot of the type you mentioned? I have run all major updated anti virus and spyware and my computer is clean according to them.

Also, re: the bot. Is it possible for hte computer to become remotely controlled by a bot or other type automated program purely through the wireless? Assuming i did not actually download a virus, I'm not sure how this could be possible. It does occur to me that somebody could track my keystrokes through the wireless, and then on a remote computer attempt to log in to my accounts, but I can't see how a bot could actually try to access my accounts from the web browser on my computer via my wireless. That would mean that the bot is accessing my computer through a similar signal as the one that comes from my router with the internet, correct? I wasn't aware that was possible, but I'd be grateful if you could enlighten me as to how this works

The best way to detect the bot is to enable auditing as phishphreek said. And see if there is some program(bot) trying to use the browser.
As I said before WEP is not secure, and is possible that someone has access to your network and infected your computer with the bot and/or manipulate the data between your computer and the Internet.
I donīt understand the last part. But I think the bot is a program in your computer that simulates a person interacting with the browser, with the objective of accessing accounts that have the password memorized in the browser.

Spybot or AdAware are two of the most common spyware detectors. Use these to verify that all is good. What Antivirus are you using? Dont use easy to guess passwords for your Access Point and the Default password is worse. too many people use the default linksys Admin Admin and thats where they go wrong. Turn off file sharing and make sure your firewall is up and running. Turning off your PC at night is also a good idea. Saves you on the electric bill and keeps crackers out of your computer. On the wireless side remove the SSID so that it is undetected. There is a log you can use to see what computers are connected to the network. once you know what computers are connected get that persons MAC address and block him. there are also access restrictions times you can set on the wireless router so they cant connect after a certain time. There are alot of other things you can do but this information sould be enough to keep the basic war driver at bay or at least frustrated enough to move on.

once a cracker gets the key, he can access the network. he has time to crack the admin pw for router to delete logs and change settings. but how can he dig out other connected computers' pws? i know he could see the computer names listed in the router, but where will he obtain win usernames and bruteforce pw? usually when you try to connect to a comp via \\computername it just says" not authorized," w/o a username and pw prompt.